GnuPG contains a flaw that may allow a malicious user to modify the contents of a file without being detected. The issue is triggered when a file is signed with a detached signature. If the detached signature is replaced with clearsigned text, GnuPG will still report a successfully verified signature. It is possible that the flaw may allow false positives in the verification mechanism, resulting in a loss of integrity.
Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.